1. Field of the Invention
The present invention relates to a system for and of unconditionally secure signature, more specifically to a digital signature system, a computer and a terminal device used in the digital signature system, a method of establishing a signing-key, a verification-key and a digital signature, a method of verifying a digital signature.
2. Description of the Background Art
In recent years, digital signatures are used as proof of authorship of, or at least agreement with, digital data.
While some data may only require the assurance of integrity for a relatively short period of time (say up to 5 years), some other important data, such as court records and speeches by a parliamentarian, require the assurance of integrity for a long period of time (say up to 50 years).
Currently, digital signature schemes based on the number theoretic problems are the prevalent methods used in providing data integrity. These schemes rely for their security on the assumed computational difficulty of computing certain number theoretic problems, such as factoring large composites or solving discrete logarithms in a large finite field. Progress in computers as well as further refinement of various algorithms has made it possible to solve the number theoretic problems of larger sizes. As an example, in August 1999, a team of researchers from around the world succeeded in cracking a 512-bit RSA composite by the use of the Number Field Sieve over the Internet. One can safely predict that even larger composites will be factored in the future.
The above discussions indicate the necessity of digital signature schemes that provide assurance of long term integrity. In the past decade, several attempts by various researchers have been made to address the problem. However, schemes proposed by these researchers are essentially variants of authentication codes, and none of these schemes has addressed the transferability of signatures among recipients.
Besides this, it is desired that a user's public key is based on the identity of the user so that other users do not need to verify the validity of the relationship between a public key and an owner.